Global Lynx - making IT better!

making IT better!

Internal Auditor for an Information Security Management System based on ISO/IEC 27000

The ISO/IEC 27000 Auditor course addresses the standard from an audit requirements point of view. It highlights the audit activities set by the ISO/IEC 19011 standard, and trains the participant to carry out audits in an organization that has implemented an information security management system based on ISO/IEC 27000.

The student who completes the course will have developed the capabilities needed to carry out internal audits of an information security management system.


To provide students with practical understanding of the audit cycle and with the skills and knowledge to:

  • Perform audits against the requirements of ISO/IEC 27002 and conducted in accordance with ISO 19011 and contribute to the continual improvement of the management system.
  • Describe with reference to the Plan, Do, Check, Act (PDCA) cycle, the purpose, structure and requirements of ISO/IEC 27002 from the point of view of an auditor.
  • Describe the responsibilities of an auditor and describe the importance of an audit for the maintenance and improvement of management systems.


This course is aimed to:

Internal and external service providers in an ISO/IEC 27002 environment, or those who have interest in information security.

Some specific roles which can benefit from this course include:
  • Auditor or assessor
  • Customer representatives
  • Managers / senior management
  • Stakeholder representatives
  • IT providers
  • Project specialists
  • ITSM Consultants
  • Individuals who want to demonstrate information security competencies
  • Service Quality Systems Auditors


There are no mandatory prerequisites for taking this training course; however, it is recommended that the participant has attended the ISO/IEC 27000 Foundation course.


The course has the following characteristics:

  • It is structured in thematic units, with a balance between theory and practice.
  • Includes a knowledge exam delivered by Global Lynx.
  • A certificate of course completion is delivered.
  • The length is 3 days.
  • Has a minimum requirement of 6 and a maximum of 25 participants.


The certification exam has the following characteristics:

  • It is applied upon customer request.
  • It does not issue any official certificate.
  • Contains 60 multiple choice questions.
  • The length is 105 minutes.
  • It s a closed-book exam; use of the ISO/IEC 27001 and ISO/IEC 27002 standards as a reference is allowed.
  • A minimum of 65% is required to approve.
  • It is paper-based.


The course has the following topics:

  1. Introduction
  2. Requirements for an Information Security Management System
  3. Basic Concepts of Auditing
  4. Planning Audit Programs for an ISMS
  5. Implementing Internal Audits for an ISMS
  6. Measuring, Monitoring and Reporting Internal Audits
  7. Improving Internal Audits for an ISMS
  8. Qualification Scheme
  9. Exam Description
  10. Review, Evaluation and Examination

Advantages offered by Global Lynx

Our instructors are certified in different ITSM, Information Security and Risk Management disciplines and have extensive experience in:

  • The design and implementation of information security management systems, policies and controls based on industry best practices in public and/or private organizations.
  • The selection, implementation and configuration of tools which support the information security processes.
  • Teaching various information security and ITSM courses in the academic and professional fields.
  • Audits of information security management systems.

The participant receives a high quality student handout.